AppleがiPhoneやiPadなど向けiOS 15.7.2とiPadOS 15.7.2をリリース!

Appleは13日(現地時間)、iPhoneおよびiPod touch向けプラットフォーム「iOS」とiPad向けプラットフォーム「iPadOS」において前バージョン「iOS 15」や「iPadOS 15」の最新版「iOS 15.7.2(19H218)」および「iPadOS 15.7.2(19H218)」を提供開始したとお知らせしています。

対象機種はiOS 15やiPadOS 15の対応機種でiPhone 6s以降およびiPod touch(第7世代)、iPad(第5世代)・iPad Air 2・iPad mini 4・iPad Pro以降の各製品にて無料で更新可能となっており、これまでは次の新バージョン「iOS 16」にしない選択が可能でしたが、iPhoneについては今回よりiOS 16に対応している製品は同時に提供開始された最新バージョン「iOS 16.2」への更新のみが可能となっています。

そのため、iOS 15.7.2・iPadOS 15.7.2はiOS 16およびiPadOS 16の対象機種ではないiPhone 6sやiPhone 6s Plus、iPhone 7、iPhone 7 Plus、iPhone SE(第1世代)向けとなります。一方でiPadシリーズについてはこれまで通りに「iPadOS 16」に対応した機種についてはiPadOS 16.2またはiPadOS 15.7.2を選んで更新できます。iPadOS 16.2に更新する場合は「設定」→「情報」→「ソフトウェア・アップデート」を表示し、画面の下部に「その他の利用可能なアップデート」として「iPadOS 16にアップグレード」から行います。

変更点はiOS 15.7.2およびiPadOS 15.7.2ともに重要なセキュリティーアップデートが含まれているとしており、CVEに登録されている17個の脆弱性が修正されており、同社ではこれらのうちの一部の脆弱性が悪用された可能性があるという報告について把握しているということです。

02

Appleでは昨年に提供開始したiOS 15およびiPadOS 15から一定期間は次の最新バージョンに更新せずに既存のバージョンに留まる機能を提供しており、iOS 16の提供開始に合わせてiOS 15でもセキュリティーアップデートを行ったiOS 15.7およびiPadOS 15.7が提供され、その後、さらにiOS 15.7.1およびiPadOS 15.7.1が提供されていましたが、今回、さらなるセキュリティーアップデートを行う15.7.2およびiPadOS 15.7.2が配信開始されています。

更新は対象機種において本体のみでOTA(On-The-Air)によりダウンロードで行え、方法としては、「設定」→「一般」→「ソフトウェア・アップデート」から行うほか、iTunesをインストールしたパソコン(WindowsおよびMac)とUSB-Lightningケーブルで接続しても実施できます。なお、単体でアップデートする場合のダウンロードサイズは手持ちのiPhone 7 PlusでiOS 15.7.1からだと230.6MBとなっています。Appleが案内しているアップデートの内容およびセキュリティーコンテンツの修正は以下の通り。

iOS 15.7.2
このアップデートには重要なセキュリティアップデートが含まれ、すべてのユーザに推奨されます。

Appleソフトウェア・アップデートのセキュリティコンテンツについては、以下のWebサイトをご覧ください: https://support.apple.com/ja-jp/HT201222


iPadOS 15.7.2
このアップデートには重要なセキュリティアップデートが含まれ、すべてのユーザに推奨されます。

Appleソフトウェア・アップデートのセキュリティコンテンツについては、以下のWebサイトをご覧ください: https://support.apple.com/ja-jp/HT201222


iOS 15.7.2 and iPadOS 15.7.2
Released December 13, 2022

- AppleAVD
Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)Impact: Parsing a maliciously crafted video file may lead to kernel code execution
Description: An out-of-bounds write issue was addressed with improved input validation.
CVE-2022-46694: Andrey Labunets and Nikita Tarakanov

- AVEVideoEncoder
Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)Impact: An app may be able to execute arbitrary code with kernel privileges
Description: A logic issue was addressed with improved checks.
CVE-2022-42848: ABC Research s.r.o

- File System
Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)Impact: An app may be able to break out of its sandbox
Description: This issue was addressed with improved checks.
CVE-2022-42861: pattern-f (@pattern_F_) of Ant Security Light-Year Lab

- Graphics Driver
Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)Impact: Parsing a maliciously crafted video file may lead to unexpected system termination
Description: The issue was addressed with improved memory handling.
CVE-2022-42846: Willy R. Vasquez of The University of Texas at Austin

- IOHIDFamily
Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)Impact: An app may be able to execute arbitrary code with kernel privileges
Description: A race condition was addressed with improved state handling.
CVE-2022-42864: Tommy Muir (@Muirey03)

- iTunes Store
Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)Impact: A remote user may be able to cause unexpected app termination or arbitrary code execution
Description: An issue existed in the parsing of URLs. This issue was addressed with improved input validation.
CVE-2022-42837: Weijia Dai (@dwj1210) of Momo Security

- Kernel
Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)Impact: An app may be able to execute arbitrary code with kernel privileges
Description: A race condition was addressed with additional validation.
CVE-2022-46689: Ian Beer of Google Project Zero

- libxml2
Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)Impact: A remote user may be able to cause unexpected app termination or arbitrary code execution
Description: An integer overflow was addressed through improved input validation.
CVE-2022-40303: Maddie Stone of Google Project Zero

- libxml2
Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)Impact: A remote user may be able to cause unexpected app termination or arbitrary code execution
Description: This issue was addressed with improved checks.
CVE-2022-40304: Ned Williamson and Nathan Wachholz of Google Project Zero

- ppp
Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)Impact: An app may be able to execute arbitrary code with kernel privileges
Description: The issue was addressed with improved memory handling.
CVE-2022-42840: an anonymous researcher

- Preferences
Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)Impact: An app may be able to use arbitrary entitlements
Description: A logic issue was addressed with improved state management.
CVE-2022-42855: Ivan Fratric of Google Project Zero

- Safari
Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)Impact: Visiting a website that frames malicious content may lead to UI spoofing
Description: A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation.
CVE-2022-46695: KirtiKumar Anandrao Ramchandani

- WebKit
Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: A memory consumption issue was addressed with improved memory handling.
WebKit Bugzilla: 245466CVE-2022-46691: an anonymous researcher

- WebKit
Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)Impact: Processing maliciously crafted web content may result in the disclosure of process memory
Description: The issue was addressed with improved memory handling.
CVE-2022-42852: hazbinhotel working with Trend Micro Zero Day Initiative

- WebKit
Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)Impact: Processing maliciously crafted web content may bypass Same Origin Policy
Description: A logic issue was addressed with improved state management.
WebKit Bugzilla: 246783CVE-2022-46692: KirtiKumar Anandrao Ramchandani

- WebKit
Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: A memory corruption issue was addressed with improved input validation.
WebKit Bugzilla: 247562CVE-2022-46700: Samuel Groß of Google V8 Security

- WebKit
Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.1.
Description: A type confusion issue was addressed with improved state handling.
WebKit Bugzilla: 248266CVE-2022-42856: Clément Lecigne of Google's Threat Analysis Group














記事執筆:memn0ck


■関連リンク
エスマックス(S-MAX)
エスマックス(S-MAX) smaxjp on Twitter
S-MAX - Facebookページ
iOS 関連記事一覧 - S-MAX
iOS 15.7.2 のアップデートについて - Apple サポート
iPadOS 15.7.2 のアップデートについて - Apple サポート (日本)
iOS 15.7.2 および iPadOS 15.7.2 のセキュリティコンテンツについて - Apple サポート (日本)
Apple セキュリティアップデート - Apple サポート (日本)